
Capturing the TCP Three-Way Handshake with Wireshark

2023-11-07 22:07 | Source: compiled from the web | Views: 265

wireshark

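Use the ping command to obtain the server's IP address.

Setting the filter to destination address 182.92.187.217 and the http protocol yields the captured data.

After right-clicking and choosing Follow TCP Stream, three TCP packets appear above the HTTP traffic; these are the TCP three-way handshake.

The IP header of the captured packet reads as follows:

Internet Protocol Version 4, Src: 192.168.1.108, Dst: 182.92.187.217
    0100 .... = Version: 4 // IP version
    .... 0101 = Header Length: 20 bytes (5) // header length
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) // type of service
    Total Length: 474 // total length
    Identification: 0xf3fe (62462) // identification
    Flags: 0x40, Don't fragment // flags: MF=0, DF=1
    ...0 0000 0000 0000 = Fragment Offset: 0 // fragment offset
    Time to Live: 128 // TTL
    Protocol: TCP (6) // upper-layer protocol: TCP
    Header Checksum: 0x0000 [validation disabled] // checksum
    [Header checksum status: Unverified]
    Source Address: 192.168.1.108 // source IP
    Destination Address: 182.92.187.217 // destination IP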

TCP handshake, step 1:

Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316351, Len: 0
    Source Port: 63627 // source port
    Destination Port: 80 // destination port
    [Stream index: 713]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 4002316351 // seq (sequence number)
    [Next Sequence Number: 4002316352]
    Acknowledgment Number: 0 // ack (acknowledgment number)
    Acknowledgment number (raw): 0
    1000 .... = Header Length: 32 bytes (8) // header length
    Flags: 0x002 (SYN) // flag bits
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set // URG
        .... ...0 .... = Acknowledgment: Not set // ACK
        .... .... 0... = Push: Not set // PSH
        .... .... .0.. = Reset: Not set // RST
        .... .... ..1. = Syn: Set // SYN set to 1
        .... .... ...0 = Fin: Not set // FIN
        [TCP Flags: ··········S·]
    Window: 64240 // window size
    [Calculated window size: 64240]
    Checksum: 0x3471 [unverified] // checksum
    [Checksum Status: Unverified]
    Urgent Pointer: 0 // urgent pointer
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
        TCP Option - Maximum segment size: 1460 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 8 (multiply by 256)
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
    [Timestamps]

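As the capture shows, in the first step of the handshake the client sends a SYN packet to the server, with the SYN flag set to 1 and the sequence number seq = 4002316351.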

TCP handshake, step 2:

Transmission Control Protocol, Src Port: 80, Dst Port: 63627, Seq: 1438817122, Ack: 4002316352, Len: 0
    Source Port: 80
    Destination Port: 63627
    [Stream index: 713]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 1438817122
    [Next Sequence Number: 1438817123]
    Acknowledgment Number: 4002316352
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x012 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set // ACK set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set // SYN set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A··S·]
    Window: 29200
    [Calculated window size: 29200]
    Checksum: 0x6fea [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
        TCP Option - Maximum segment size: 1440 bytes
        TCP Option - No-Operation (NOP)
        TCP Option - No-Operation (NOP)
        TCP Option - SACK permitted
        TCP Option - No-Operation (NOP)
        TCP Option - Window scale: 7 (multiply by 128)
    [Timestamps]
        [Time since first frame in this TCP stream: 0.029402000 seconds]
        [Time since previous frame in this TCP stream: 0.029402000 seconds]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 62653]
        [The RTT to ACK the segment was: 0.029402000 seconds]
        [iRTT: 0.029541000 seconds]

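After receiving the SYN packet, the server sends the client a SYN+ACK packet with both the ACK and SYN flags set to 1. Its ack is the seq from the first step plus 1, i.e. ack = 4002316352, and its seq is a random number, 1438817122.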

TCP handshake, step 3:

Transmission Control Protocol, Src Port: 63627, Dst Port: 80, Seq: 4002316352, Ack: 1438817123, Len: 0
    Source Port: 63627
    Destination Port: 80
    [Stream index: 713]
    [Conversation completeness: Complete, WITH_DATA (63)]
    [TCP Segment Len: 0]
    Sequence Number: 4002316352
    [Next Sequence Number: 4002316352]
    Acknowledgment Number: 1438817123
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set // ACK set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 1029
    [Calculated window size: 263424]
    [Window size scaling factor: 256]
    Checksum: 0x3465 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
    [SEQ/ACK analysis]

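In the third step, the client sends an ACK packet to the server to confirm that it has received the server's SYN+ACK; the ACK flag is set to 1.

Its seq is the seq sent in the first step plus 1, i.e. 4002316352, and its ack is the seq the server sent to the client in the second step plus 1, i.e. 1438817123.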

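Summary:

| Step | SYN | ACK | seq | ack |
|---|---|---|---|---|
| Step 1 (client to server) | 1 | 0 | 4002316351 | 0 |
| Step 2 (server to client) | 1 | 1 | 1438817122 | 4002316352 |
| Step 3 (client to server) | 0 | 1 | 4002316352 | 1438817123 |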
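The seq/ack rules summarized above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it parses three raw TCP headers and verifies the handshake relationships, using modulo-2^32 arithmetic so that it also covers a sequence number that wraps around, which goes beyond the single capture shown here. The headers are constructed from the values in the capture with the TCP options omitted, and all function names are hypothetical.

```python
import struct

SYN, ACK = 0x002, 0x010
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def build_tcp_header(sport, dport, seq, ack, flags, window):
    """Pack a 20-byte TCP header (no options, checksum 0): constructed sample data."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def parse_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x0FFF, "hdr_len": (off_flags >> 12) * 4,
            "window": window}

def check_handshake(raw_segments):
    """Return a list of problems; an empty list means a valid three-way handshake."""
    if len(raw_segments) != 3:
        return ["expected exactly three segments"]
    s1, s2, s3 = (parse_tcp_header(r) for r in raw_segments)
    problems = []
    for name, seg, want in (("1", s1, SYN), ("2", s2, SYN | ACK), ("3", s3, ACK)):
        if seg["flags"] & (SYN | ACK) != want:
            problems.append(f"segment {name}: unexpected SYN/ACK flag combination")
    if (s2["sport"], s2["dport"]) != (s1["dport"], s1["sport"]):
        problems.append("segment 2: ports are not the reverse of segment 1")
    if (s3["sport"], s3["dport"]) != (s1["sport"], s1["dport"]):
        problems.append("segment 3: ports differ from segment 1")
    if s2["ack"] != (s1["seq"] + 1) % MOD:
        problems.append("segment 2: ack != client ISN + 1")
    if s3["seq"] != (s1["seq"] + 1) % MOD:
        problems.append("segment 3: seq != client ISN + 1")
    if s3["ack"] != (s2["seq"] + 1) % MOD:
        problems.append("segment 3: ack != server ISN + 1")
    return problems

# Values taken from the capture in this article (options omitted).
CAPTURE = [
    build_tcp_header(63627, 80, 4002316351, 0, SYN, 64240),
    build_tcp_header(80, 63627, 1438817122, 4002316352, SYN | ACK, 29200),
    build_tcp_header(63627, 80, 4002316352, 1438817123, ACK, 1029),
]

if __name__ == "__main__":
    print(check_handshake(CAPTURE) or "handshake is consistent")
```

A non-empty result names the rule that was broken, for example a third segment whose ack does not equal the server's initial sequence number plus 1.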

